Field Of The Invention

The invention relates generally to the field of digital information communications, and more particularly to systems and methods for reducing the amount of bandwidth that may be taken up by looping message packets in a local area network.

Background Of The Invention

Digital networks have been developed to facilitate the transfer of information, including data and programs, among digital computer systems and other digital devices. A variety of types of networks have been developed and implemented, including so-called "wide-area networks" (WAN's) and "local area networks" (LAN's), which transfer information using diverse information transfer methodologies. Generally, LAN's are implemented over relatively small geographical areas, such as within an individual office facility or the like, for transferring information within a particular office, company or similar type of organization. On the other hand, WAN's are generally implemented over relatively large geographical areas, and may be used to transfer information between LAN's as well as between devices that are not connected to LAN's. WAN's also include public networks, such as the Internet, which can carry information for a number of companies.

Generally, in both LANs and WANs, information is transferred among devices connected in networks in the form of message packets, employing routers, bridges, gateways and other switching devices (generally, routers) to transfer the message packets thereamong. The routers are interconnected in a mesh pattern. A LAN that is connected to a WAN typically includes a firewall to mediate communications between the LAN and the WAN. Since the routers in a LAN, as well as a WAN, are connected in a mesh pattern, errors can arise in which message packets are transferred in loops. As more and more message packets are caught up in a loop, the network bandwidth devoted to such message packets increases, decreasing the bandwidth available for other message packets at least in that region of the network.

To address this problem, message packets are typically provided with "time to live" information, which allows a message packet to be discarded if it remains in the network for too long a time. Typically, both LANs and WANs make use of message packet transfer protocols conforming to, for example, the well-known Internet protocol ("IP"), which specifies a relatively long time to live. While this does not cause a significant problem in WANs such as the Internet, it can allow message packets caught in a loop in a LAN to live for a long enough period of time that they can seriously degrade network performance.

Summary Of The Invention

The invention provides a new and improved system and method for reducing the amount of bandwidth that may be taken up by looping message packets in a local area network.

In brief summary, the invention in one aspect provides a device for connection to a communication link in a local area network. The device includes a message packet generator for generating a message packet for transmission over the network. In generating the message packet, the message packet generator provides a time to live field that contains an initial value that is preferably selected to be a function of the maximum path length for transfer of message packets within the local area network.

In another aspect, the invention provides a firewall for connection between a local area network and an external network. The firewall receives message packets from the external network for transmission to a destination device connected to the local area network, each message packet including a time to live field. The firewall, prior to transmitting the message packet over the local area network, substitutes for the value in the time to live field a value that is preferably selected to be a function of the maximum path length for transfer of message packets within the local area network. For message packets that the firewall receives from the local area network for transmission over the external network, the firewall substitutes a default initial value that is selected for use for message packets transmitted over the external network in the time to live field, which typically will be significantly higher than the initial value that is used in the local area network.

Since the initial time to live value used in the local area network is preferably selected to be a function of the maximum path length for transfer of message packets within the local area network, it can be much lower than the value that is typically used. This can reduce the bandwidth taken up by message packets that are in a loop in the local area network, which, in turn, can allow for increased bandwidth available for message packets that are being transferred through a portion of the loop but which are not themselves looping through the entire loop.

Brief Description Of The Drawings

This invention is pointed out with particularity in the appended claims. The above and further advantages of this invention may be better understood by referring to the following description taken in conjunction with the accompanying drawings, in which:

FIG. 1 is a functional block diagram of a network domain constructed in accordance with the invention;

FIG. 2 depicts the structure of an illustrative message packet used in connection with the network domain depicted in FIG. 1; and

FIG. 3 is a flow chart depicting operations performed by a firewall used in the network domain depicted in FIG. 1 in connection with the invention.

DETAILED DESCRIPTION OF AN ILLUSTRATIVE EMBODIMENT

FIG. 1 is a functional block diagram of a network domain 10 constructed in accordance with the invention. With reference to FIG. 1, network domain 10 includes a plurality of sub-domains 11(1) through 11(6) (generally identified by reference numeral 11(n)) and at least one firewall 12 interconnected by a plurality of communication links generally identified by reference numeral 13(p). Generally, the firewall 12 operates to regulate communications between the network domain 12, which may be a local area network maintained by a private organization, and devices (not shown) external to the network domain 10 that may wish to communicate with devices in the network domain 10 over, for example, a public network such as the Internet, the public switched telephony network (PSTN) and the like, as will be described below.

As noted above, network domain 10 includes a plurality of sub-domains 11(n). Each sub-domain 11(n), in turn, comprises one or more devices generally identified by reference numeral 14(d) and at least one router 16(n) interconnected by a sub-domain communication link 15(n). Generally, the devices 14(d) transfer information in the form of message packets over the sub-domain communication link 15. For message packets that are to be transferred from a device 14(d) in one sub-domain 11(n) to a device 14(d') in another sub-domain 11(n') (n' ≠ n), those message packets will be received by the router 16(n) of sub-domain 11(n) and transferred to a router 16(n1) that is associated with another sub-domain 11(n1). The sub-domain 11(n1) may or may not be the sub-domain 11(n') that contains the destination device 14(d). If the sub-domain 11(n1) is the sub-domain 11(n') that contains the destination device 14(d), the router 16(n') that receives the message packet will transmit the message packet over the communication link 15(n') associated with that sub-domain 11(n'), thereby to facilitate reception thereof by the destination device 14(n').

On the other hand, if the sub-domain 11(n1) is not the sub-domain 11(n') that contains the destination device 14(n'), the router 16(n1) of that sub-domain 11(n1) that receives the message packet will forward the message packet to a router 16(n2) of another sub-domain 11(n2). These operations will be repeated by routers 16(n1), 16(n2)... of successive sub-domains 11(n1), 11(n2)... until the message packet is received by the router 16(n') of the sub-domain 11(n') that contains the destination device 14(d'). When the router 16(n') receives the message packet, it will transmit the message packet over the communication link 15(n') to facilitate reception by the destination device 14(n'). The successive routers 16(n1), 16(n2)... define a path from the sub-domain 11(n) that contains the device 14(d) that is the source of the message packet, to the sub-domain 11(n') that contains the device 14(d) that is the destination.

As yet another possibility, a device 14(d) may wish to send a message packet to an external device (not shown), that is, a device that is not connected in the network domain 10, over the Internet, PSTN, or other external network. In that case, the message packet will be transferred by the router 16(n) of the sub-domain 11(n) that contains the device 14(d) to the firewall 12, either directly or through one or more other routers 16(n1), 16(n2)... in a manner similar to that described above. When the firewall 12 receives the message packet, it can determine whether the communication between the device 14(d) and the external device is authorized, and, if so, forward the message packet over the external network connection 17. Similarly, if an external device wishes to transmit a message packet to a device 14(d) connected in the network domain 10, the firewall 12 will receive the message packet from the external network connection 17. After the firewall 12 receives the message packet, it can determine whether the communication between the external device and the device 14(d) is authorized and, if so, forward the message packet to the router 16(n) of the sub-domain 11(n) to which the device 14(d) is connected, either directly or indirectly through one or more other routers 16(n1), 16(n2) along a path from the firewall 12 to the router 16(n). After the router 16(n) has received the message packet, it can transmit the message packet over the sub-domain's communication link 15(n) to facilitate reception by the device 14(d). Communications between a device 14(d) and an external device may be over a "secure tunnel," in which at least some of the information in the message packets as transmitted over the external network connection 17 is in encrypted form, or alternatively the information may be in plaintext; if the communication is over a secure tunnel, the firewall 12 will encrypt information in the message packet as generated by the device 14(d) before transmitting the message packet over the external network connection 17, and decrypt the encrypted information in the message packet received over the external network connection 17 before forwarding it to the device 14(d).

The invention provides an arrangement that addresses a problem that can arise in connection with transfer of message packets that are transferred throughout the network domain, primarily by the routers 16(n). In particular, there can arise situations in which loops develop so that, instead of a message packet being transferred by the routers along a path from the router 16(n), through intermediate routers 16(n1), 16(n2)... to the router 16(n') of the sub-domain 11(n') that contains the destination device 14(d'), at some point along the path the message packet is diverted in such a way that it returns to a router 16(nx) along the path previous to the router 16(ny) (nx<ny) at which it was diverted. In that case, the message will continue being transferred in the loop through routers 16(nx), 16(nx+1),..., 16(ny),..., 16(nx),..., 16(ny).... This can occur if, for example, a communication link is connected incorrectly, a router is incorrectly programmed, or the like. In addition, it can occur in connection with a number of message packets. As more and more message packets get caught in the loop, the bandwidth through the routers associated with the loop taken up by those message packets increases, which can significantly degrade network performance.

To address this problem, typically each message packet is provided with a so-called "time to live" field, which is provided with a selected value when it is transmitted, and is decremented by each router that receives it. If a router decrements the value in the time to live field to zero, it will discard the message packet. While this does not eliminate the possibility of loops developing, it can attempt to limit the injury by ensuring that message packets will be discarded after they have gone around at least a portion of a loop a maximum number of times. Typically, message packets transmitted over wide area networks such as the Internet, which also have routers that forward message packets in a manner similar to that described above in connection with network domain 10, also include time to live fields to address the possibility of loops developing, and for such message packets the value in the time to live field is initialized to a relatively high number, typically thirty-two, to accommodate the possibility that it will not be decremented sufficiently that it will be discarded along the path from the source to the destination. Typically, that same initial value is also used as initial values in time to live fields of message packets that are to be transferred through LANs such as network domain 10. However, that value is generally much higher than would be necessary in a LAN such as network domain 10. In addition, it will be appreciated that, the higher the initial value, the longer a message packet that was in a loop would remain in the loop.

Accordingly, in accordance with the invention, devices 14(d), when they generate message packets, initialize the time to live fields to a relatively small value. The initial value is preferably selected to be high enough to ensure that the value is not decremented to zero over a relatively long path to the destination device within the network domain 10, and in one embodiment is selected to be on the order of five. Since the initial time to live value is lower than the initial value that is normally used, if the message packet gets caught in a loop, it will be discarded earlier than if the initial time to live value were the initial value that is normally used. Thus, if a loop develops, message packets that get caught in the loop will be discarded earlier than normally, which can reduce the amount of bandwidth that is taken up by such messages.

A device 14(d) will also use this reduced initial time to live value in connection with message packets that are to be transmitted to external devices. In that case, when the firewall 12 proceeds to forward the message packet over the external network connection 17, it will increase the value in the time to live field to correspond to the initial value that is used in message packets transmitted over the Internet, that is, thirty-two, as described above. Similarly, when the firewall 12 receives a message packet from the external network connection 17, if it determines that the message packet is to be forwarded to a device 14(d), it will substitute the initial time to live value that is selected for use in the network domain 10 in the time to live field. This substitution will generally result in a reduction in the time to live value from that in the message packet as received over the external network connection 17, so that, if a loop develops in the network domain 10, message packets that get caught in the loop will be discarded earlier than normally, which can reduce the amount of bandwidth that is taken up by such messages in the network domain 10.

Before proceeding further, it would be helpful to describe the structure of a message packet used in connection with one embodiment of the invention. FIG. 2 depicts an illustrative message packet 20 including a header portion 21 and a payload data portion 22. Generally, the message packet 20 that will be described in connection with FIG. 2 will conform to the format defined for the Internet protocol, but it will be appreciated that any other convenient format may be used. In a message packet 20 that conforms to the format defined for the Internet protocol, the header portion 21 contains information that is used by the routers 16(n) and firewall 12 in connection with transmission of message packets throughout the network domain 10. In addition, for message packets that a router 16(n) transmits onto its sub-domain's communication link 15(n), the header portion 21 contains information that each device 14(d) uses to determine whether it is to receive the respective message packet. Similarly, for message packets that the firewall 12 transmits over or receives from the external network connection 17, the header portion 21 contains information that is used in connection with transfer of message packets through the external network. The payload data portion 22 of message packet 20 contains the information that the source device is to transfer to the destination device. As noted above, if message packets are to be transferred over the external network over a secure tunnel, some portion of the message packets may be encrypted, and it should be noted that the payload data portion 22 is the portion that is to be encrypted; in that case, the information in the header portion 21 will not be encrypted since routers, switches and the like which forward the message packets in the external network will need to have access to the information to route the message packets to the respective destinations.

The header portion 21 includes a plurality of fields, including one or more fields, generally referred to by reference numeral 23, which contain protocol information, a source address field 24, a destination address field 25, a time to live field 26, one or more fields, generally referred to by reference numeral 27, which contain miscellaneous information, and a checksum field 28. The protocol information in field(s) 23 may include such information as a protocol version identifier, a quality of service identifier, and a length field. The quality of service identifier can identify a priority for the message packet. The length field identifies the total length of the message packet. If the message packet 20 is one of a plurality of message packets that together are fragments of a larger message packet, the protocol information may also include a fragment offset value identifying the offset of the message packet 20 into the larger message packet; this will allow the destination device to reassemble the larger message packet from the fragments. Other types of protocol information will be apparent to those skilled in the art.

The source and destination address fields 24 and 25 identify the source device, the device that generated the message packet 20, and the destination device, the device that is to receive the message packet 20, respectively.

The time to live field 26 receives the time to live value as described above. As noted above, the source device 14(d) in network domain 10 will provide an initial time to live value, and each router 16(n) that receives the message packet 20 will decrement the value in the time to live field 26. Since a router 16(n) will discard the message packet 20 if the value in the time to live field decrements to zero, the initial value provided by the source device 14(d) will preferably be selected to be high enough to ensure that the value is not decremented to zero over a relatively long path to the destination device within the network domain 10.

l| .TtemiswUaneoiainfo^ 

number of options are defined for the Internet protocol. A security option may be selected if information in the message packet is deemed sensitive, which may affect the path over which the message packet is routed, particularly through the external network. A source routing option may be selected whereby the source device, or a router along the path to the destination device, specifies the path therefrom to the destination device; in that case, the path is included in the miscellaneous information field(s) 27. In addition, typically the length of the header portion 21 is required to be on octet boundaries, with each octet comprising a predetermined number of bits; the miscellaneous information field(s) may include padding to ensure that the header portion 21 ends on an octet boundary. The checksum field 28 includes a value corresponding to the checksum of the values in the other fields 23 through 27. The checksum value can be used to verify that the information in the fields 23 through 27 was correctly received. If the checksum indicates that the information in fields 23 through 27 was not correctly received, the error may result in the message packet being routed to a device that is not the intended destination, in which case the message packet can be discarded.

4 withthisbackgro^ 

a router 16(n) inside the network domain 10, will substitute the normal time to live value in the time to live field 26 before it transmits the message packet over the external network connection 17. This will generally provide that the message packet will not be discarded before it reaches the destination device unless the message packet loops. Contrariwise, the firewall 12, when it receives a message packet from the external network connection 17, substitutes the initial time to live value selected for the network domain 10 in the time to live field 26 before it transmits the message packet into the network domain 10, which, as noted
l!p above, canservetoreducethebandwidmto 

network domain 10. Operations performed by the firewall 12 in this connection are described in the flow chart depicted in FIG. 3. Since the operations will be readily apparent to those skilled in the art from the above description, they will not be described further herein.
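The substitution that the firewall 12 performs on the time to live field 26, and the effect of the smaller initial value on a looping packet, can be sketched as follows. This is an added example, not code from the patent: it assumes the IPv4 header layout of RFC 791 (time to live at byte 8, header checksum at bytes 10-11, so the checksum must be recomputed after every substitution), uses the initial values five and thirty-two given in the description, and its function names, addresses and payload are constructed for illustration.

```python
import struct

LAN_INITIAL_TTL = 5   # description: "on the order of five" inside network domain 10
WAN_INITIAL_TTL = 32  # description: "typically thirty-two" on the external network

def header_checksum(header: bytes) -> int:
    """Ones'-complement sum of the 16-bit header words (RFC 791)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def header_length(packet: bytes) -> int:
    """Validate version and IHL, return the header length in bytes."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad header length")
    return ihl

def header_valid(packet: bytes) -> bool:
    """A header carrying a correct checksum sums to zero."""
    return header_checksum(packet[:header_length(packet)]) == 0

def set_ttl(packet: bytes, ttl: int) -> bytes:
    """Write a new TTL and recompute the checksum, which covers the TTL."""
    if not 0 < ttl <= 255:
        raise ValueError("TTL out of range")
    ihl = header_length(packet)
    header = bytearray(packet[:ihl])
    header[8] = ttl
    header[10:12] = b"\x00\x00"  # checksum field counts as zero while summing
    struct.pack_into("!H", header, 10, header_checksum(bytes(header)))
    return bytes(header) + packet[ihl:]

def firewall_forward(packet: bytes, direction: str) -> bytes:
    """Substitute the initial TTL of the network the packet is entering."""
    if not header_valid(packet):
        raise ValueError("corrupt header, discard")
    if direction == "inbound":   # external network -> network domain
        return set_ttl(packet, LAN_INITIAL_TTL)
    if direction == "outbound":  # network domain -> external network
        return set_ttl(packet, WAN_INITIAL_TTL)
    raise ValueError("direction must be 'inbound' or 'outbound'")

def router_forward(packet: bytes):
    """Decrement the TTL; return None when it reaches zero (discarded)."""
    ttl = packet[8] - 1
    return set_ttl(packet, ttl) if ttl > 0 else None

def transmissions_in_loop(packet: bytes) -> int:
    """Count router-to-router transmissions a looping packet consumes."""
    count = 0
    while (packet := router_forward(packet)) is not None:
        count += 1
    return count

def sample_packet(ttl: int) -> bytes:
    """Constructed 24-byte datagram: 20-byte header plus 4-byte payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0x1234, 0, ttl, 17, 0,
                         bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return set_ttl(header + b"data", ttl)

if __name__ == "__main__":
    arriving = sample_packet(57)  # constructed: TTL as seen at the firewall
    inside = firewall_forward(arriving, "inbound")
    print("TTL entering the domain:", inside[8])
    print("loop transmissions, TTL 5: ", transmissions_in_loop(inside))
    print("loop transmissions, TTL 32:", transmissions_in_loop(sample_packet(32)))
```

A device that edits byte 8 without recomputing bytes 10-11 produces a header that the next router rejects as corrupt, which is why `set_ttl` always does both.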

The invention provides a number of advantages. In particular, the invention provides an

11 arrangementtl^faciUtatesuseofatimeto 
l| bandwidfotakenupbymessagep 

increased bandwidth available for message packets that are being transferred through a portion of the loop but which are not themselves looping through the entire loop.

It will be appreciated that a number of modifications may be made to the arrangement described above in connection with FIGS. 1 through 3. For example, the devices 14(d) can be any kind of devices which may be connected in a network domain 10, including any type of computers (illustratively, personal computers, workstations, mini- and mainframes), as well as devices, such as mass storage systems, network printers, and other devices that can store, process and otherwise make use of digital information. Although the network domain 10 has been described as making use of routers to transfer message packets between and among sub-domains 11(n), it will be appreciated that any type of device that can switch message packets among a plurality of inputs and outputs may be used, including, for example, switching nodes, bridges, gateways, and the like. Furthermore, although the network domain has been described as making use of message packets that conform to the format specified in the Internet protocol, it will be appreciated that message packets of any format can be used, provided they contain a field that performs a function similar to that provided by the time to live field. For example, a message packet that conforms to the format defined by the CLNP (ConnectionLess Network Protocol) protocol includes a "lifetime" field that performs a function similar to that provided by the time to live field 26. In addition, message packets can be transferred over communication links 13(p) and 15(n) using any convenient transfer protocol or protocols. Illustratively, message packets may be transferred over the intra-sub-domain communication link 15(n) using, for example, the well-known Ethernet protocol, a token ring protocol, or any other convenient protocol.

It will be appreciated that a system in accordance with the invention can be constructed in whole 
or in part from special purpose hardware or a general purpose computer system, or any combination 
thereof, any portion of which may be controlled by a suitable program. Any program may in whole or in 
part comprise part of or be stored on the system in a conventional manner, or it may in whole or in part be 
provided to the system over a network or other mechanism for transferring information in a conventional
manner. In addition, it will be appreciated that the system may be operated and/or otherwise controlled 
by means of information provided by an operator using operator input elements (not shown) which may 
be connected directly to the system or which may transfer the information to the system over a network 
or other mechanism for transferring information in a conventional manner. 

The foregoing description has been limited to a specific embodiment of this invention. It will be
apparent, however, that various variations and modifications may be made to the invention, with the
attainment of some or all of the advantages of the invention. It is the object of the appended claims to cover
these and such other variations and modifications as come within the true spirit and scope of the invention.

What is claimed as new and desired to be secured by Letters Patent of the United States is: